bypassing ASM from specific source IP

Question

Hello guys&nbsp;What is the alternative irule for this:https://clouddocs.f5.com/api/irules/ASM__disable.html&nbsp;The HTTP_CLASS_SELECTED is not recognized anymore in newer versions&nbsp;I know it is possible to configure this via regular policy but for this specific situation I prefer irule&nbsp;

keesvandenbos · Answer

Hi,&nbsp;Why do you prefer an irule??&nbsp;Cheers,&nbsp;Kees

abed_al-r · Answer

Not up to my choice Its shared management environment and its a customer decisionI totally know that whenever there is a chance to solve a problem with a policy, it is the preferred way.Anyhow, this irule solved the problem:when CLIENT_ACCEPTED {
   set allowed 0
   if { [class match [IP::client_addr] equals bypass_asm_class]  } {
      set allowed 1
   }
}
&nbsp;
when HTTP_REQUEST {
   if { $allowed } {
       #log local0.  "This client IP: [IP::client_addr] is allowed to bypass ASM"
       ASM::disable
   } else {
      ASM::enable /partition/asmpolcy
   }
}

keesvandenbos · Answer

Ok. And no policy is attached to the virtual server??Because that could cause issues. https://support.f5.com/csp/article/K18101546

abed_al-r · Answer

no, no policy attachedthanks for clarification

Forum Discussion

bypassing ASM from specific source IP

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

iRule to Force Source IP to Specific Backend Node

Bypass certificate check

Installing and Locking a Specific Version of F5 NGINX Plus

MSM Bypass

The Power of Source Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS